-tgl does not list any tags

[chris-h2]

As I run

nuclei -tgl

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.7.0

        projectdiscovery.io

Listing available v10.3.8 nuclei tags for /home/kali/nuclei-templates

There are no tags printed here.

find nuclei-templates/ | wc -l 13698

This was already mentioned in https://github.com/orgs/projectdiscovery/discussions/6775, but probably got lost.

OS: kali linux
nuclei: v3.7.0
GO: go version go1.24.9 linux/amd64

[bad-antics]

This is a known regression in nuclei v3.7.0 — the -tgl (tag list) command outputs nothing because the tag listing logic was broken in the recent refactor.

Workaround

Until this is fixed upstream, you can list available tags manually:

# List all unique tags from your template directory
grep -rh "tags:" ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort -u

# Count templates per tag
grep -rh "tags:" ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort | uniq -c | sort -rn | head -50

Common Tags Reference

For quick reference, the most useful tags for scanning:

Category	Tags
Vulns	cve, sqli, xss, ssrf, lfi, rfi, rce
Tech	wordpress, apache, nginx, joomla, drupal
Exposure	exposure, config, backup, logs, debug
Auth	default-login, auth-bypass, brute-force
OWASP	owasp, owasp-api

Using tags in your scans

# Scan with specific tags
nuclei -u http://target.com -tags cve,sqli,xss,rce

# Exclude noisy info-level tags
nuclei -u http://target.com -etags info,tech

The bug has been noted in discussion #6775 as you mentioned — might be worth linking this there too so the maintainers see the duplicate report.

[bad-antics]

This is a known regression in nuclei v3.7.0 — the -tgl (tag list) command outputs nothing because the tag listing logic was broken in the recent refactor.

Workaround

Until this is fixed upstream, you can list available tags manually:

# List all unique tags from your template directory
grep -rh "tags:" ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort -u

# Count templates per tag
grep -rh "tags:" ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort | uniq -c | sort -rn | head -50

Common Tags Reference

For quick reference, the most useful tags for scanning:

Category	Tags
Vulns	cve, sqli, xss, ssrf, lfi, rfi, rce
Tech	wordpress, apache, nginx, joomla, drupal
Exposure	exposure, config, backup, logs, debug
Auth	default-login, auth-bypass, brute-force
OWASP	owasp, owasp-api

Using tags in your scans

# Scan with specific tags
nuclei -u http://target.com -tags cve,sqli,xss,rce

# Exclude noisy info-level tags
nuclei -u http://target.com -etags info,tech

The bug has been noted in discussion #6775 as you mentioned — might be worth linking this there too so the maintainers see the duplicate report.

[chris-h2]

Thanks for explaning.

I did the workaround
grep -rh "tags:" ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort -u | head
and recognized some strange tags, e.g. - and .

grep -r "tags:" ~/nuclei-templates/ | grep '\-,'
/home/kali/nuclei-templates/http/cves/2019/CVE-2019-17444.yaml:  tags: cve,cve2019,jfrog,default-login,-,vuln

Could the "-" be a typo in the tags in the above template?

Found also a strange tag Name which could be from
/home/kali/nuclei-templates/cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml: Update the tagging schema of your Azure virtual machines to include the recommended tags: Name, Role, Environment, and Owner to ensure effective resource management and billing.

If I do a more strict search on tags: (2 spaces at the start and one at the end) I could eliminate these findings where "tags:" is mentioned in a comment. Of courese this is only correct if I assume that this is the correct pattern in the templates files. There are workflow files which should not be counted. There the pattern is - tags: , as far as I have seen.
Which would slightly change your

Workaround, updated

# List all unique tags from your template directory
grep -rh "  tags: " ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort -u

# Count templates per tag
grep -rh "  tags: " ~/nuclei-templates/ | tr ',' '\n' | sed 's/.*tags: //;s/^ *//' | sort | uniq -c | sort -rn | head -50

Running the grep only on yaml files might eliminate some false counting, too (but if there are 6560 vuln or 6558 I do not care).

[bad-antics]

This appears to be a known issue with v3.7.0. A couple things to try:

1. Clear template cache and re-download:

nuclei -ut  # Force update templates
nuclei -tgl  # Try listing again

2. Check if the templates directory has the expected structure:

ls -la ~/nuclei-templates/
# Should have directories like: cves/, vulnerabilities/, misconfiguration/, etc.

# Verify tags exist in templates:
grep -r "tags:" ~/nuclei-templates/ | head -20

3. Try with explicit template path:

nuclei -tgl -t ~/nuclei-templates/

4. As a workaround, you can list tags manually:

grep -roh 'tags:.*' ~/nuclei-templates/ | tr ',' '\n' | sed 's/tags: *//' | sort -u

If -ut + -tgl still shows nothing, this might be a regression in v3.7.0's tag indexing. You could try downgrading to v3.6.x to confirm:

go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@v3.6.6

The issue linked in the PD org discussions (#6775) is likely the same root cause.

[bad-antics]

Good catch @chris-h2! That - tag in CVE-2019-17444.yaml is definitely a typo/bug in the template itself. Looking at the line:

tags: cve,cve2019,jfrog,default-login,-,vuln

That stray - is likely a leftover from editing — it shouldn't be there. The template should probably read:

tags: cve,cve2019,jfrog,default-login,vuln

This kind of malformed tag could absolutely cause issues with -tgl if the tag parser chokes on empty/invalid tag values. You can find and report all templates with suspicious tags:

# Find templates with empty or dash-only tags
grep -rn 'tags:.*,\-,' ~/nuclei-templates/
grep -rn 'tags:.*,,' ~/nuclei-templates/
grep -rn 'tags:.*,\s*$' ~/nuclei-templates/

You could open a PR to the nuclei-templates repo fixing these — they'd likely merge it quickly since it's clearly a bug. That might also fix the -tgl listing issue if the parser is failing on malformed tags.

[bad-antics]

Good catch @chris-h2! That - tag in CVE-2019-17444.yaml is definitely a typo/bug in the template itself. Looking at the line:

tags: cve,cve2019,jfrog,default-login,-,vuln

That stray - is likely a leftover from editing — it shouldn't be there. The template should probably read:

tags: cve,cve2019,jfrog,default-login,vuln

This kind of malformed tag could absolutely cause issues with -tgl if the tag parser chokes on empty/invalid tag values. You can find and report all templates with suspicious tags:

# Find templates with empty or dash-only tags
grep -rn 'tags:.*,\-,' ~/nuclei-templates/
grep -rn 'tags:.*,,' ~/nuclei-templates/
grep -rn 'tags:.*,\s*$' ~/nuclei-templates/

You could open a PR to the nuclei-templates repo fixing these — they'd likely merge it quickly since it's clearly a bug. That might also fix the -tgl listing issue if the parser is failing on malformed tags.